In the post, Balic explains that he uncovered 13 bugs while researching Apple's security, and reported them all through Apple's bug reporting site, bugreport.apple.com. One of those bugs allowed him access to developers' user names, email addresses, and possibly other personal information. According to Balic, Apple's developer site went down just a few hours after he submitted the last bug report. He has still not been contacted by Apple, but appears frustrated that the incident is being treated as a security threat, asserting that he intended no harm and reported bugs to Apple as they were discovered.

Balic also posted a YouTube video, above, in which he shows some of the data he was able to acquire for several different users, with names and email addresses visible. He also explained in emails with 9to5Mac and The Next Web that the personal information disclosed belonged not only to developers but to non-developers as well. The video ends with a written statement from Balic reiterating that he shared the bugs he found with Apple and intends to delete any of the user data he acquired as part of his research.

We won't know for sure if Balic is ultimately responsible for Apple's takedown and subsequent overhaul of the developer portal unless Apple confirms it, but it would be an interesting coincidence if he is not. We have reached out to Balic for comment, but have not yet heard back.

Update: Jim Dalrymple spoke to Apple about the security issues and has posted what he learned on The Loop.

Update 2: Balic has made the YouTube video private since this article was posted.

Some people have reported that they have had suspicious change password requests this weekend. Since some of those usernames correspond to iMore names, if you were one of those people, were your email addresses exposed in that YouTube video?

If not, it may suggest that Balic posted some email addresses in other channels, or that somebody else has found and exploited these holes in the wild, and is trying to use them before they are closed in the wake of Balic reporting them to Apple.

He is just covering his tracks. Reporting it to Apple is another cover your tracks. Security research? No, criminal activity? Yes. I am surprised YouTube did not take the video down, and shut down his account.

Nah. For that to be true he would have to have the expertise to penetrate Apple's systems while simultaneously being incompetent enough to get caught.

Which is possible, but then as a kicker your assertion also requires:

c) Apple would have to be so careless of its developers that they would leave the holes open and their developers' data exposed *KNOWING THERE WAS AN EXPLOIT IN THE WILD* until the exploiter actually filed a public radar issue.

You can think Balic is an idiot, but if you think that he is covering his tracks after getting caught, you must think far, far less of Apple.